Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Bridge-Group blocking traffic to LAN.

Reply
Thread Tools

Bridge-Group blocking traffic to LAN.

 
 
JF Mezei
Guest
Posts: n/a
 
      07-24-2009
I had gotten this to work at one point by blindly trying stuff, but we
havd a power and I lost those settings and I am at a loss to get it
working again.

In short:

Cisco 871W

If my VLAN 10 interface has the "bridge-group" commands in it,
ethernet/IP traffic does not flow to/from my lan on a switch. If I
remove the "bridge-group" then traffic flows fine.

relevant bits:


bridge irb
bridge 10 protocol ieee
bridge 10 route ip
!
interface BVI 10
no ip address
no shutdown
!
interface FastEthernet0
description Trunk to Switch 1
spanning-tree portfast
switchport mode trunk
switchport trunk encapsulation dot1q
carrier-delay 10
!
!
interface Vlan10
description Intranet
ip address 10.0.0.2 255.255.0.0
ip nat inside
ip virtual-reassembly
bridge-group 10
bridge-group 10 spanning-disabled


Without the bridge-group stuff, I can actually get the "router" portion
to the ADSL cloud to work. But with the "bridge-group" (which is needed
for the wireless interfaces) nothing works. And since the link to my
dhcp server on the LAN doesn't work, the wireless stuff won't work
either since it can't get DHCP responses.

I tried to set the fa0 interface to a switchport access vlan 10, but
that didn't make a difference. (it won't let me do "bridge-group" on the
ast ethernet interface).


QUESTION: is the bridge-group solely within the router or does it "leak"
into trunk lines to other switches ? My 2924 switch doesn't know about
bridge-groups.



If I want my router to have an IP address of 10.0.0.2 accessible by
hosts in VLAN10, is the setting of the IP in the VLAN10 interface the
correct way to do it ? Or shoudl it be in the BVI interface ?
 
Reply With Quote
 
 
 
 
bod43
Guest
Posts: n/a
 
      07-24-2009
On 24 July, 18:08, JF Mezei <(E-Mail Removed)> wrote:
> I had gotten this to work at one point by blindly trying stuff, but we
> havd a power and I lost those settings and I am at a loss to get it
> working again.
>
> In short:
>
> Cisco 871W
>
> If my VLAN 10 interface has the "bridge-group" commands in it,
> ethernet/IP traffic does not flow to/from my lan on a switch. If I
> remove the "bridge-group" then traffic flows fine.
>
> relevant bits:
>
> bridge irb
> bridge 10 protocol ieee
> bridge 10 route ip
> !
> interface BVI 10
> no ip address
> no shutdown
> !
> interface FastEthernet0
> *description Trunk to Switch 1
> *spanning-tree portfast
> *switchport mode trunk
> *switchport trunk encapsulation dot1q
> *carrier-delay 10
> !
> !
> interface Vlan10
> *description Intranet
> *ip address 10.0.0.2 255.255.0.0
> *ip nat inside
> *ip virtual-reassembly
> *bridge-group 10
> *bridge-group 10 spanning-disabled
>
> Without the bridge-group stuff, I can actually get the "router" portion
> to the ADSL cloud to work. But with the "bridge-group" (which is needed
> for the wireless interfaces) nothing works. And since the link to my
> dhcp server on the LAN doesn't work, the wireless stuff won't work
> either since it can't get DHCP responses.
>
> I tried to set the fa0 interface to a switchport access vlan 10, but
> that didn't make a difference. (it won't let me do "bridge-group" on the
> ast ethernet interface).
>
> QUESTION: is the bridge-group solely within the router or does it "leak"
> into trunk lines to other switches ? My 2924 switch doesn't know about
> bridge-groups.
>
> If I want my router to have an IP address of 10.0.0.2 accessible by
> hosts in VLAN10, is the setting of the IP in the VLAN10 interface the
> correct way to do it ? Or shoudl it be in the BVI interface ?


I guess you probably need something like this.


bridge irb
bridge 10 protocol ieee
bridge 10 route ip
!
interface BVI 10
ip address 10.0.0.2 255.255.0.0
ip nat inside
ip virtual-reassembly
no shutdown
!
interface FastEthernet0
description Trunk to Switch 1
spanning-tree portfast
switchport mode trunk
switchport trunk encapsulation dot1q
carrier-delay 10
!
!
interface Vlan10
description Intranet
bridge-group 10
bridge-group 10 spanning-disabled

Assumes Vlan 10 is being trunked via Fa0.

 
Reply With Quote
 
 
 
 
JF Mezei
Guest
Posts: n/a
 
      07-24-2009
bod43 wrote:

> interface BVI 10
> ip address 10.0.0.2 255.255.0.0
> ip nat inside
> ip virtual-reassembly
> no shutdown


Many Thanks. That did the trick.

Now, with BVI having an IP interface and the VLAN having none, it
appears to work, (in terms of being able to reach the lan from the
router and vice versa).

Would it be correct to state that all packets flow thorugh the BVI and
it is the BVI that decides whether the packet is to go through a router
interface or just a switched one ?

I take it that
bridge 10 protocol ieee
bridge 10 route ip
end up defining the behaviour of the BVI 10 interface ?



(Now, I have to work on the right incantation and prayers to get the
wrireless interface to work again ;-(
 
Reply With Quote
 
bod43
Guest
Posts: n/a
 
      07-24-2009
On 24 July, 19:53, JF Mezei <(E-Mail Removed)> wrote:
> bod43 wrote:
> > interface BVI 10
> > *ip address 10.0.0.2 255.255.0.0
> > *ip nat inside
> > *ip virtual-reassembly
> > *no shutdown

>
> Many Thanks. That did the trick.
>
> Now, with BVI having an IP interface and the VLAN having none, it
> appears to work, (in terms of being able to reach the lan from the
> router and vice versa).
>
> Would it be correct to state that all packets flow thorugh the BVI and
> it is the BVI that decides whether the packet is to go through a router
> interface or just a switched one ?
>
> I take it that
> * * * * bridge 10 protocol ieee
> * * * * bridge 10 route ip
> end up defining the behaviour of the BVI 10 interface ?
>
> (Now, I have to work on the right incantation and prayers to get the
> wrireless interface to work again ;-(


You need to put the dot11 int into bridge group 10 too.

Without the wireless all you would need is

int vl 10
ip add....

no irb
no bridge 10 protocol ieee
no bridge 10 route ip

The wireless seems to add confusion in that
you need to use the old bridging commands
to joint the wireless interface to the rest of the
VLAN.

What I mean is that on an ethernet interface you
simply configure
int fa 30
sw mode access
sw access vl 10

But for some reason on the dot11 int that does
not seem to work.

I guess it may be to do with the mixture of
traditional router and switch that is an 871.

It gets even more mad when you want more than
one SSID on the wireless. I simply can't understand
that config at all even though I have it working. It's
a miracle I got it going at all.

Look up integrated routing and bridging (IRB)
for details of that aspect of it.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Switching from Non-Blocking to Blocking IO Christian Java 5 12-02-2007 11:24 PM
Non-blocking and semi-blocking Sockets class. nukleus Java 14 01-22-2007 08:22 PM
stealth-blocking, isp blocking website Dhruv Computer Security 9 01-25-2005 05:37 PM
Blocking and non blocking assignment in VHDL Hendra Gunawan VHDL 1 04-08-2004 06:03 AM
blocking i/o vs. non blocking i/o (performance) Andre Kelmanson C Programming 3 10-12-2003 02:09 PM



Advertisments